US8074274B2 · Active · Utility · PatentIndex 62

User-level privilege management

Assignee: WANG HONG · Priority: Dec 29, 2006 · Filed: Dec 29, 2006 · Granted: Dec 6, 2011
Est. expiry: Dec 29, 2026 (~0.5 yrs left) · nominal 20-yr term from priority
Inventors: WANG HONG, CHINYA GAUTHAM, WANG PERRY, COLLINS JAMISON, HANKINS RICHARD A, HAMMARLUND PER, SHEN JOHN
Classifications: G06F 9/468, G06F 12/1027, G06F 2212/1052
PatentIndex Score: 62 · Cited by: 3 · References: 16 · Claims: 23

Abstract

In one embodiment, the present invention includes a method for receiving a request from a user-level agent for programming of a user-level privilege for at least one architectural resource of an application-managed sequencer (AMS) and programming the user-level privilege for the at least one architectural resource using an operating system-managed sequencer (OMS) coupled to the AMS. Other embodiments are described and claimed.

Claims

exact text as granted — not AI-modified
1. A method comprising:
receiving a request in an operating system-managed sequencer (OMS) of a hardware processor from a user-level agent for programming of a user-level privilege for at least one architectural hardware resource of an application-managed sequencer (AMS) of the processor including next instruction pointer logic coupled to the OMS that is not visible to the operating system (OS) and which operates at a lower privilege level than the OMS;
programming the user-level privilege for the at least one architectural hardware resource of the AMS using the OMS to write a value indicative of a selected privilege level to a sequencer privilege descriptor (SPD) associated with the AMS, wherein the AMS is to directly control access at the user-level to the at least one architectural hardware resource; and
converting a function call into a user-level shred, and sending the user-level shred by the OMS to the AMS, wherein the selected privilege level of the AMS is programmed to be more constrained than the OMS.

2. The method of claim 1, further comprising determining whether to program the user-level privilege based on an authority level of the user-level agent.

3. The method of claim 1, further comprising receiving the request from a second AMS for programming of the user-level privilege, wherein the AMS and the second AMS are of heterogeneous instruction set architectures.

4. The method of claim 1, wherein the value comprises a plurality of portions each corresponding to a different architectural hardware resource of the AMS.

5. The method of claim 1, further comprising determining in the AMS whether access to a first architectural hardware resource is permitted based on the user-level privilege, and if not, signaling the OMS.

6. The method of claim 5, further comprising setting a permission indicator in a page table entry of a translation lookaside buffer (TLB) of the AMS by the OMS if the user-level privilege is indicative of permitted access to the page table entry by the AMS.

7. The method of claim 6, further comprising retiring an instruction in the AMS that accesses the page table entry without signaling the OMS if the permission indicator is set.

8. The method of claim 1, further comprising detecting an access violation on the AMS responsive to the user-level shred and notifying the OMS.

9. The method of claim 1, wherein the SPD comprises a composite SPD including a plurality of fields each to indicate access to a register type.

10. The method of claim 9, wherein the programming includes setting selected ones of the plurality of fields to a first value to indicate access permission and other ones of the plurality of fields to a second value to indicate access prevention.

11. The method of claim 9, wherein each of the plurality of fields comprises a multi-bit value to identify one of a plurality of levels of permission to the corresponding register type.
     
     
12. An apparatus comprising:
an execution unit of an application-managed sequencer (AMS) of a hardware processor to perform operations on data responsive to user-level instructions, the execution unit including a plurality of application architectural resources and which is not visible to an operating system (OS) that executes on an operating system-managed sequencer (OMS);
a sequencer privilege descriptor (SPD) associated with the execution unit, the SPD to store at least one value indicative of a selected privilege level to the plurality of application architectural resources, the SPD generated at user-level responsive to a user-level request and accessible by the AMS to directly control access to the plurality of application architectural resources at the user-level; and
wherein the OMS is to convert a function call into a user-level shred, and send the user-level shred to the AMS, wherein the selected privilege level of the AMS is programmed to be more constrained than the OMS.

13. The apparatus of claim 12, wherein the SPD is to be programmed under control of the OMS associated with the execution unit.

14. The apparatus of claim 13, wherein the execution unit is to signal the OMS if an access to one of the plurality of application architectural resources violates the user-level privilege.

15. The apparatus of claim 12, wherein the SPD comprises a plurality of individual descriptors each to store an indicator corresponding to the user-level privilege for a given category of application architectural resource.

16. The apparatus of claim 15, wherein at least one of the individual descriptors includes a plurality of locations each to store an indicator corresponding to the user-level privilege of a group of registers of the execution unit.

17. The apparatus of claim 12, further comprising a second execution unit coupled to the execution unit, wherein the second execution unit is to request programming of the SPD associated with the execution unit, wherein the request is to be handled by an operating system-managed sequencer (OMS) coupled to the execution unit and the second execution unit.

18. The apparatus of claim 12, wherein the execution unit further comprises a translation lookaside buffer to store a plurality of entries each including an address translation and a permission indicator to indicate whether the execution unit is permitted to retire an instruction that accessed the corresponding entry without a transfer of control to an operation system-managed sequencer (OMS) associated with the execution unit.
     
     
19. An article comprising a non-transitory machine-readable storage medium including instructions that if executed by a machine enable the machine to perform a method comprising:
receiving a request in an operating system-managed sequencer (OMS) of a processor from a user-level agent for programming of a user-level privilege for at least one architectural hardware resource of an application-managed sequencer (AMS) of the processor, including next instruction pointer logic, coupled to the OMS that is not visible to the operating system (OS) and which operates at a lower privilege level than the OMS;
programming the user-level privilege for the at least one architectural hardware resource using the OMS to write a value indicative of a selected privilege level to a sequencer privilege descriptor (SPD) associated with the AMS, wherein the AMS is to directly control access at the user-level to the at least one architectural hardware resource; and
converting a function call into a user-level shred, and sending the user-level shred by the OMS to the AMS, wherein the selected privilege level of the AMS is programmed to be more constrained than the OMS.

20. The article of claim 19, wherein the value comprises a plurality of portions each corresponding to a different architectural hardware resource of the AMS.

21. The article of claim 19, further comprising instructions that when executed enable the machine to determine in the AMS whether access to a first architectural hardware resource is permitted based on the user-level privilege, and if not, signaling the OMS.

22. The article of claim 19, further comprising instructions that when executed enable the machine to set a permission indicator in a page table entry of a translation lookaside buffer (TLB) of the AMS by the OMS if the user-level privilege is indicative of permitted access to the page table entry by the AMS.

23. The article of claim 22, further comprising instructions that when executed enable the machine to retire an instruction in the AMS that accesses the page table entry without signaling the OMS if the permission indicator is set.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.